Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-16 Thread Gordon Ross
On Sun, Aug 12, 2012 at 6:51 PM, Jim Klimov wrote: > I might suggest an alternative solution, which may be an overkill for > a single fileserver, but is rather widely employed in heterogenous > shops: fire up a naming service (such as LDAP), and the fileserver > would be its client. idmap mappings

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-14 Thread Jim Klimov
2012-08-13 21:11, Günther Alka wrote: with SAMBA and winbind you may lose: - snaps via Windows previous version Also, I forgot to mention that with both kernel CIFS and SAMBA you can access a share's (hidden or exposed) ".zfs/snapshots" directory (if the share is the root of a ZFS filesystem

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-14 Thread Jim Klimov
I am not sure if all of my comment is true and valid, but *I think* that SAMBA is designed as a more interoperable piece of software - being a userland program, it is more extensible. And likely it can implement what you desire from an OpenSolaris server in a more consistent and comfortable way th

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-13 Thread alka
Yes, you are correct, without writing the Windows SID and using the idmap mechanism of CIFS it seems not possible - even during sessions because the idmap table is only created after a login of an SMB user. On 13.08.2012 at 20:22, Frank Lahm wrote: > 2012/8/13 Günther Alka : >> with SAMBA and

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-13 Thread Frank Lahm
2012/8/13 Günther Alka : > with SAMBA and winbind you may lose: > > - snaps via Windows previous version > - Windows compatible ntfs4 ACL (only Posix ACL ?) > - SMB as a ZFS property > - interoperability with NFS4 > - movable pools that keep ACL intact > - performance, kernel based CIFS server is

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-13 Thread Günther Alka
with SAMBA and winbind you may lose: - snaps via Windows previous version - Windows compatible ntfs4 ACL (only Posix ACL ?) - SMB as a ZFS property - interoperability with NFS4 - movable pools that keep ACL intact - performance, kernel based CIFS server is mostly faster - CIFS is managed by Illum

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-13 Thread James Relph
> The problem that must be solved: > a File created from CIFS must have the same owner SID/ ACL/ UID/ GID > like those created with netatalk. (interoperability) The thing is that surely that's an API or system level requirement - it shouldn't be up to each server application to reverse-engineer wh

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-13 Thread James Relph
> I would say, OpenIndiana/ Solaris (as a fileserver) is useless without its > Windows compatible > Snap, ACL and CIFS features. These are the killer arguments to use OI/ > Solaris widely - the most compatible > Windows-server on Unix. I think the only thing you're missing moving to SAMBA+winbi

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-12 Thread alka
If CIFS can do it without this complexity, it must give an easier way - and maybe the problem is only the Oracle/ SUN documentation. When I understand the mechanism of CIFS and AD correctly, see www.oug.org/files/presentations/cifs-losug.pdf - ZFS really stores the AD Windows SID as a Filesyste

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-12 Thread Jim Klimov
I might suggest an alternative solution, which may be an overkill for a single fileserver, but is rather widely employed in heterogenous shops: fire up a naming service (such as LDAP), and the fileserver would be its client. idmap mappings can be set up to map Windows users not to ephemeral IDs, b

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-12 Thread Günther Alka
On 12.08.2012 19:42, Frank Lahm wrote: *sigh* I was just giving a pointer to some doc I have spent considerable time and effort to provide a consolidated resource for anybody facing this problem. You may notice that using idmu is one of the things explained in great length. Feel free to add links a

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-12 Thread Frank Lahm
2012/8/11 Gea : > Frank Lahm writes: > >> >> 2012/8/10 Gordon Ross : >> > On Thu, Aug 9, 2012 at 11:56 PM, Frank Lahm >> > wrote: >> >> 2012/8/10 Gordon Ross : >> > [...] >> >>> If you setup idmap to use IDMU, then you'll get the UID/GID values >> >>>

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-11 Thread Gea
Frank Lahm writes: > > 2012/8/10 Gordon Ross : > > On Thu, Aug 9, 2012 at 11:56 PM, Frank Lahm > > wrote: > >> 2012/8/10 Gordon Ross : > > [...] > >>> If you setup idmap to use IDMU, then you'll get the UID/GID values > >>> provided by AD, which are

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-09 Thread Frank Lahm
2012/8/10 Gordon Ross : > On Thu, Aug 9, 2012 at 11:56 PM, Frank Lahm wrote: >> 2012/8/10 Gordon Ross : > [...] >>> If you setup idmap to use IDMU, then you'll get the UID/GID values >>> provided by AD, which are presumably the same values your other LDAP >>> clients will get from AD. :) >> >>

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-09 Thread Gordon Ross
On Thu, Aug 9, 2012 at 11:56 PM, Frank Lahm wrote: > 2012/8/10 Gordon Ross : [...] >> If you setup idmap to use IDMU, then you'll get the UID/GID values >> provided by AD, which are presumably the same values your other LDAP >> clients will get from AD. :) > >

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-09 Thread Frank Lahm
2012/8/10 Gordon Ross : > On Tue, Aug 7, 2012 at 9:25 AM, James Relph wrote: >>> I've got a server hooked up to a 2003 AD and CIFS and netatalk are both >>> allowing AD users to login (netatalk 3 via PAM). One thing that's a bit >>> puzzling is that the afpd process correctly gets the correct u

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-09 Thread Gordon Ross
On Tue, Aug 7, 2012 at 9:25 AM, James Relph wrote: >> I've got a server hooked up to a 2003 AD and CIFS and netatalk are both >> allowing AD users to login (netatalk 3 via PAM). One thing that's a bit >> puzzling is that the afpd process correctly gets the correct username >> mapping (and show

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-07 Thread James Relph
> I've got a server hooked up to a 2003 AD and CIFS and netatalk are both > allowing AD users to login (netatalk 3 via PAM). One thing that's a bit > puzzling is that the afpd process correctly gets the correct username mapping > (and shows up as being owned by the correct user with a ps listin

[OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-06 Thread James Relph
Hi, I've got a server hooked up to a 2003 AD and CIFS and netatalk are both allowing AD users to login (netatalk 3 via PAM). One thing that's a bit puzzling is that the afpd process correctly gets the correct username mapping (and shows up as being owned by the correct user with a ps listing),